Hi, I'm new to this list. I have had a Postfix mail server with spam/virus protection running for many years. All works fine except for some kind of spam still getting through.
After a review I found out that almost all of that spam is mail from spoofed freemail domains. After some googling I found and implemented spoofed domain protection, which is to not allow sender and client domains to differ for this spoofed domain list. It works fine except for the postmaster. If the spam message is for postmaster, it is not being checked by this protection. And I can't tell why, so I need your help.

Here is the log of such a message. As I understand it, this message was BCC'd to user and postmaster, which is aliased to casper. It is strange that it blocks for user and accepts for postmaster:

======================================
Jun 9 20:50:22 darkstar postfix/smtpd[12627]: AA1D711B9AA: client=sql.bizzmost.com[111.67.207.126]
Jun 9 20:50:33 darkstar postfix/smtpd[12627]: AA1D711B9AA: reject: RCPT from sql.bizzmost.com[111.67.207.126]: 554 5.7.1 <sql.bizzmost.com[111.67.207.126]>: Client host rejected: Client Domain Mismatch; from=<kuttermaf...@mail.ru> to=<u...@example.com> proto=ESMTP helo=<sql.bizzmost.com>
Jun 9 20:50:35 darkstar postfix/cleanup[9232]: AA1D711B9AA: message-id=<010783301.20100509751...@sql.bizzmost.com>
Jun 9 20:50:38 darkstar postfix/qmgr[17538]: AA1D711B9AA: from=<kuttermaf...@mail.ru>, size=7044, nrcpt=1 (queue active)
Jun 9 20:50:38 darkstar postfix/lmtp[13889]: AA1D711B9AA: to=<cas...@example.com>, orig_to=<postmas...@example.com>, relay=meteor.dp.ua[/var/run/cyrus/socket/lmtp], delay=16, delays=16/0/0/0.04, dsn=2.1.5, status=sent (250 2.1.5 Ok)
Jun 9 20:50:38 darkstar postfix/qmgr[17538]: AA1D711B9AA: removed
======================================

Related part of postfix configuration:
======================================
smtpd_restriction_classes =
        verify_sender,
        verify_domain_client,
        verify_domain_sender,
        verify_domain_helo,

verify_sender =
        reject_unverified_sender,
        permit

verify_domain_client =
        check_client_access hash:/etc/postfix/maps/bad_domains,
        check_client_access regexp:/etc/postfix/maps/text_domain_client_mismatch,
        reject

verify_domain_sender =
        check_sender_access hash:/etc/postfix/maps/bad_domains,
        check_client_access regexp:/etc/postfix/maps/text_domain_sender_mismatch,
        reject

verify_domain_helo =
        check_helo_access hash:/etc/postfix/maps/bad_domains,
        check_client_access regexp:/etc/postfix/maps/text_domain_helo_mismatch,
        reject

smtpd_delay_reject = yes

smtpd_client_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unknown_client_hostname,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client zen.spamhaus.org

smtpd_helo_required = yes

smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        reject_unknown_hostname

smtpd_sender_restrictions =
        reject_non_fqdn_sender,
        check_sender_access hash:/etc/postfix/rhsbl_sender_domain_whitelist,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        permit_sasl_authenticated,
        check_client_access cidr:/etc/postfix/access_noauth,
        check_sender_access hash:/etc/postfix/sender_access,
        reject_unverified_sender

smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/recipients_access,
        reject_unverified_recipient,
        reject_unlisted_recipient,
        permit_sasl_authenticated,
        check_client_access cidr:/etc/postfix/access_noauth,
        reject_unauth_destination,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        check_sender_access hash:/etc/postfix/maps/verify_domain
======================================

Files:
======================================
File /etc/postfix/rhsbl_sender_domain_whitelist contains some domains to whitelist
File /etc/postfix/access_noauth contains some local networks

# cat /etc/postfix/sender_access
example.com REJECT you must be autorized to send mail from this domain

File /etc/postfix/recipients_access is empty now

# cat /etc/postfix/maps/bad_domains
mail.ru OK

# cat /etc/postfix/maps/verify_domain
mail.ru verify_domain_client,verify_domain_helo

# cat /etc/postfix/maps/text_domain_client_mismatch
/./ 554 Client Domain Mismatch
======================================

--
Покотиленко Костик <cas...@meteor.dp.ua>
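
To find every message that shows the pattern in the log above (one RCPT rejected, another recipient of the same queue ID still delivered), the following added example groups Postfix log lines by queue ID. It is not part of the original post and is not Postfix code; the sample log lines, host names and addresses are constructed, and it assumes short hexadecimal queue IDs.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (not the poster's real log).
SAMPLE_LOG = """\
Jun  9 20:50:33 mx postfix/smtpd[100]: AAAA1111: reject: RCPT from host.example.net[192.0.2.10]: 554 5.7.1 <host.example.net[192.0.2.10]>: Client host rejected: Client Domain Mismatch; from=<a@freemail.example> to=<user@example.com> proto=ESMTP helo=<host.example.net>
Jun  9 20:50:38 mx postfix/lmtp[101]: AAAA1111: to=<admin@example.com>, orig_to=<postmaster@example.com>, relay=local, delay=16, dsn=2.1.5, status=sent (250 2.1.5 Ok)
Jun  9 20:51:02 mx postfix/smtpd[100]: NOQUEUE: reject: RCPT from host.example.net[192.0.2.10]: 554 5.7.1 <host.example.net[192.0.2.10]>: Client host rejected: Client Domain Mismatch; from=<b@freemail.example> to=<user@example.com> proto=ESMTP helo=<host.example.net>
Jun  9 20:52:10 mx postfix/lmtp[101]: CCCC3333: to=<user@example.com>, relay=local, delay=1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# A reject logged under a queue ID; NOQUEUE rejects have nothing to correlate
# with and are skipped because "NOQUEUE" is not a hexadecimal queue ID.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): reject: RCPT from \S+: "
    r"(?P<code>\d{3}) .*?; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
# A successful delivery by any delivery agent (lmtp, local, smtp, ...).
DELIVER_RE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,"
    r"(?: orig_to=<(?P<orig>[^>]*)>,)? .*status=sent"
)


def partially_accepted(log_text):
    """Return {queue_id: {"rejected": [...], "delivered": [...]}} for messages
    where one RCPT was rejected but another recipient was still delivered."""
    rejected = defaultdict(list)
    delivered = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rejected[m["qid"]].append((m["rcpt"], m["sender"]))
            continue
        m = DELIVER_RE.search(line)
        if m:
            # Report the address the client used, before alias expansion.
            delivered[m["qid"]].append(m["orig"] or m["rcpt"])
    return {q: {"rejected": rejected[q], "delivered": delivered[q]}
            for q in rejected if q in delivered}


if __name__ == "__main__":
    for qid, info in partially_accepted(SAMPLE_LOG).items():
        print(qid, "rejected:", info["rejected"], "delivered:", info["delivered"])
```

The list of delivered recipients per queue ID shows which addresses bypass the restriction class, which narrows down which rule in `smtpd_recipient_restrictions` accepted them first.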